Table of Contents

Step 1: Disable SSL 2 and SSL 3, leaving only TLS

At the top of the Firefox window, click on the Firefox button and then select Options.At the top of the Firefox window, click on the Tools menu and then select Options.On the menu bar, click on the Firefox menu and select Preferences....At the top of the Firefox window, click on the Edit menu and select Preferences.

Click the menu button
and choose Options.Preferences.

In the optionspreferences window, select the Advanced panel, then select the Encryption tab.

Remove the check from the Use SSL 3.0 box, and ensure that the Use TLS 1.0 box is checked.

Step 3: Disable all the non-FIPS TLS cipher suites in about:config

The about:config "This might void your warranty!" warning page may appear. Click I'll be careful, I promise!I accept the risk! to continue to the about:config page.

In the text box by the word Filter:, type in ssl.

You should see a page that has preferences that are similar to the ones shown below. Go through your preferences and compare each one to the ones shown below. If you don't have all the preferences shown below, or if you have preferences not shown below, don't worry about them. Just compare the preferences whose names match the ones shown below. Make sure that each of your ssl preferences has the same true/false value as shown below. If any preference does not have a matching value, double-click it to change it.

Filter:

ssl

Preference Name

Status

Type

Value

security.enable_ssl2

default

boolean

false

security.enable_ssl3

user set

boolean

false

security.ssl2.des_64

default

boolean

false

security.ssl2.des_ede3_192

default

boolean

false

security.ssl2.rc2_128

default

boolean

false

security.ssl2.rc2_40

default

boolean

false

security.ssl2.rc4_128

default

boolean

false

security.ssl2.rc4_40

default

boolean

false

security.ssl3.dhe_dss_aes_128_sha

default

boolean

true

security.ssl3.dhe_dss_aes_256_sha

default

boolean

true

security.ssl3.dhe_dss_camellia_128_sha

user set

boolean

false

security.ssl3.dhe_dss_camellia_256_sha

user set

boolean

false

security.ssl3.dhe_dss_des_ede3_sha

default

boolean

true

security.ssl3.dhe_dss_des_sha

default

boolean

false

security.ssl3.dhe_rsa_aes_128_sha

default

boolean

true

security.ssl3.dhe_rsa_aes_256_sha

default

boolean

true

security.ssl3.dhe_rsa_camellia_128_sha

user set

boolean

false

security.ssl3.dhe_rsa_camellia_256_sha

user set

boolean

false

security.ssl3.dhe_rsa_des_ede3_sha

default

boolean

true

security.ssl3.dhe_rsa_des_sha

default

boolean

false

security.ssl3.ecdh_ecdsa_aes_128_sha

default

boolean

true

security.ssl3.ecdh_ecdsa_aes_256_sha

default

boolean

true

security.ssl3.ecdh_ecdsa_des_ede3_sha

default

boolean

true

security.ssl3.ecdh_ecdsa_null_sha

default

boolean

false

security.ssl3.ecdh_ecdsa_rc4_128_sha

user set

boolean

false

security.ssl3.ecdh_rsa_aes_128_sha

default

boolean

true

security.ssl3.ecdh_rsa_aes_256_sha

default

boolean

true

security.ssl3.ecdh_rsa_des_ede3_sha

default

boolean

true

security.ssl3.ecdh_rsa_null_sha

default

boolean

false

security.ssl3.ecdh_rsa_rc4_128_sha

user set

boolean

false

security.ssl3.ecdhe_ecdsa_aes_128_sha

default

boolean

true

security.ssl3.ecdhe_ecdsa_aes_256_sha

default

boolean

true

security.ssl3.ecdhe_ecdsa_des_ede3_sha

default

boolean

true

security.ssl3.ecdhe_ecdsa_null_sha

default

boolean

false

security.ssl3.ecdhe_ecdsa_rc4_128_sha

user set

boolean

false

security.ssl3.ecdhe_rsa_aes_128_sha

default

boolean

true

security.ssl3.ecdhe_rsa_aes_256_sha

default

boolean

true

security.ssl3.ecdhe_rsa_des_ede3_sha

default

boolean

true

security.ssl3.ecdhe_rsa_null_sha

default

boolean

false

security.ssl3.ecdhe_rsa_rc4_128_sha

user set

boolean

false

security.ssl3.rsa_1024_des_cbc_sha

default

boolean

false

security.ssl3.rsa_1024_rc4_56_sha

default

boolean

false

security.ssl3.rsa_aes_128_sha

default

boolean

true

security.ssl3.rsa_aes_256_sha

default

boolean

true

security.ssl3.rsa_camellia_128_sha

user set

boolean

false

security.ssl3.rsa_camellia_256_sha

user set

boolean

false

security.ssl3.rsa_des_ede3_sha

default

boolean

true

security.ssl3.rsa_des_sha

default

boolean

false

security.ssl3.rsa_fips_des_ede3_sha

user set

boolean

false

security.ssl3.rsa_fips_des_sha

default

boolean

false

security.ssl3.rsa_null_md5

default

boolean

false

security.ssl3.rsa_null_sha

default

boolean

false

security.ssl3.rsa_rc2_40_md5

default

boolean

false

security.ssl3.rsa_rc4_128_md5

user set

boolean

false

security.ssl3.rsa_rc4_128_sha

user set

boolean

false

security.ssl3.rsa_rc4_40_md5

default

boolean

false

When all the entries match, you're done. You should exit and restart Firefox to ensure that the changes are properly recorded.